ClawHub

Pledgeling

v1.0.2

Pledgeling integration. Manage data, records, and automate workflows. Use when the user wants to interact with Pledgeling data.

0· 77·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Pledgeling integration) match the instructions: all runtime steps use the Membrane CLI to discover connectors, create a connection, run actions, or proxy requests to the Pledgeling API.
Instruction Scope
SKILL.md directs the agent to install and use the Membrane CLI, run browser-based login flows, create connections, and proxy API calls. It does not instruct reading unrelated files or environment variables. Note: proxying means Membrane's service will see proxied requests and responses.
Install Mechanism
There is no automated install spec in the registry; the instructions recommend installing @membranehq/cli via npm (a normal public package). This is reasonable, but installing a global npm CLI writes to disk and comes with standard supply-chain risk.
Credentials
The skill declares no required env vars or secrets and explicitly advises not to ask users for API keys. It relies on a Membrane account for authentication, which is proportionate to the stated integration purpose.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request system-wide changes or other skills' configs. Normal autonomous invocation is allowed (platform default).
Assessment
This skill appears coherent and uses the Membrane CLI to access Pledgeling; it does not ask for local secrets. Before installing/use: 1) Verify you trust the @membranehq/cli npm package and the Membrane service (review their repo, maintainers, and privacy policy). 2) Understand that Membrane acts as a proxy — its servers will see any data you send to Pledgeling. 3) Be cautious installing global npm packages (supply-chain risk); consider auditing the package or running it in a restricted environment. 4) During login, review requested OAuth scopes and avoid pasting credentials into chat. 5) If you plan to allow the agent to invoke the skill autonomously, be aware the agent could run Membrane commands that modify remote Pledgeling data — restrict access if you need to prevent automated changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97chppkeetk3h9grkeaesqka9842bjh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments